Back to skill
Skillv0.1.0
VirusTotal security
Duckse · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 3:32 AM
- Hash
- 8cbc31c7ea9bc419534bedd35922151abc17e5a6e6c41e0daf7c988482fe411b
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: duckse Version: 0.1.0 The skill is classified as suspicious due to the inclusion of a `curl | bash` command in `SKILL.md` for installing the `duckse` tool. This instruction directs the AI agent to download and execute a script from a remote GitHub repository (`https://raw.githubusercontent.com/dwirx/duckse/main/scripts/install.sh`) without explicit review, posing a significant supply chain risk. While the stated purpose is benign (installing a web search utility), this method allows for the execution of arbitrary remote code, which could be maliciously altered at any time.
- External report
- View on VirusTotal